September 26, 2016

Exploitation 105

Return Oriented Programming (ROP) is introduced and a modern history of exploit mitigations is revisited. Other *-oriented programming exploitation techniques, such as Jump Oriented Programming (JOP) and Call Oriented Programming (COP), are discussed at a high level. We walk through how to chain functions together with the stack under various function calling conventions (cdecl, fastcall, stdcall), and introduce the concept of gadgets. ROP gadget compilers are introduced briefly. Finally, the second half of the lecture presents a review of topics for MIDTERM 2.